Fix API ELB security group rules

Justin Santa Barbara 2016-12-18 16:03:55 -05:00
parent 125b9badd8
commit b7522cea28
1 changed files with 15 additions and 3 deletions


@ -98,13 +98,12 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
c.AddTask(t) c.AddTask(t)
} }
// Allow HTTPS to the master instances from the ELB // Allow traffic into the ELB from APIAccess CIDRs
{ {
for _, cidr := range b.Cluster.Spec.APIAccess { for _, cidr := range b.Cluster.Spec.APIAccess {
t := &awstasks.SecurityGroupRule{ t := &awstasks.SecurityGroupRule{
Name: s("https-api-elb-" + cidr), Name: s("https-api-elb-" + cidr),
SecurityGroup: b.LinkToSecurityGroup(kops.InstanceGroupRoleMaster), SecurityGroup: b.LinkToELBSecurityGroup("api"),
SourceGroup: b.LinkToELBSecurityGroup("api"),
CIDR: s(cidr), CIDR: s(cidr),
FromPort: i64(443), FromPort: i64(443),
ToPort: i64(443), ToPort: i64(443),
@ -114,6 +113,19 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
} }
} }
// Allow HTTPS to the master instances from the ELB
{
t := &awstasks.SecurityGroupRule{
Name: s("https-elb-to-master"),
SecurityGroup: b.LinkToSecurityGroup(kops.InstanceGroupRoleMaster),
SourceGroup: b.LinkToELBSecurityGroup("api"),
FromPort: i64(443),
ToPort: i64(443),
Protocol: s("tcp"),
}
c.AddTask(t)
}
for _, ig := range b.MasterInstanceGroups() { for _, ig := range b.MasterInstanceGroups() {
t := &awstasks.LoadBalancerAttachment{ t := &awstasks.LoadBalancerAttachment{
Name: s("api-" + ig.ObjectMeta.Name), Name: s("api-" + ig.ObjectMeta.Name),
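Review bot: The new `https-elb-to-master` block in the second hunk admits port 443 from the whole `api` ELB security group, so the APIAccess CIDR restriction now rests entirely on the `https-api-elb-<cidr>` rules attached to the ELB group. That dependency is worth stating in the comment, for example `// Source is the ELB security group, not a CIDR: APIAccess filtering is applied on the ELB group above.` The per-CIDR tasks also keep their names while moving to a different security group, and the visible lines do not show how rules already created on the master group are handled. It would be worth confirming that updating an existing cluster removes those older master-group rules rather than leaving them next to the new ones. Build starts before the first hunk and continues past the last visible line.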